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CLAIMS 

What is claimed is: 

1. A method for evaluating a set of credentials comprising 
at least one group credential comprising: 

ascertaining at least one first trust rating within at 
least one of said credentials within said set of credentials 
including said group credential, wherein each of said first 
trust ratings is associated with a level of confidence in 
information being certified within the respective 
credential; 

determining a second trust rating for said set of 
credentials based, at least in part, upon an analysis of 
said at least one first trust rating; and 

providing a signal in the event said second trust 
rating satisfies predetermined criteria. 

2. The method of claim 1 wherein said providing step 
includes the step of comparing said second trust rating to a 
predetermined trust rating threshold and wherein said 
predetermined criteria comprises said predetermined trust 
rating threshold. 

3. The method of claim 1 wherein said determining step 
comprises the step of assigning said second trust rating 
equal to the lowest trust rating among the first trust 
ratings of the respective credentials within a single 
certification path. 

4. The method of claim 1 further including, in the event 
said set of credentials forms a plurality of certification 
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paths having at least one credential in each of said paths, 
the steps of : 

determining for each of said plurality of certification 
paths a third trust rating equal to the lowest trust rating 
5 in the credentials of the respective certification path; and 

assigning said second trust rating equal to the highest 
trust rating of said third trust ratings. 

5. The method of claim 4 wherein said providing step 
10 includes the step of comparing said second trust rating to 

said predetermined criteria. 

6. The method of claim 1 wherein said signal comprises an 
indication that access to a resource should be granted. 

15 

7 . The method of claim 6 further including the step of 
granting access to said resource in response to said 
indication. 

20 8. The method of claim 7 wherein said resource comprises a 
file on a file server. 

9. The method of claim 7 wherein said resource comprises a 
web page. 

25 

10. The method of claim 7 wherein said resource comprises a 
secure area. 

11. The method of claim 7 wherein said resource comprises a 
30 database. 
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12. The method of claim 3 wherein said ascertaining step 
further includes the step of obtaining an identity 
credential trust rating associated with an identity 
credential within said certification path. 

5 

13. A system for evaluating a set of credentials including 
at least one group credential comprising; 

a memory containing an access control program; and 

a processor operative to execute said access control 

10 program; 

said access control program comprising: 

program code for ascertaining at least one first 
trust rating within at least one of said credentials 
within said set of credentials including said group 

15 credential, wherein each of said first trust ratings is 

associated with a level of confidence in information 
being certified within the respective credential; 

program code for determining a second trust rating 
for said set of credentials based, at least in part, 

20 upon an analysis of said at least one first trust 

rating; and 

program code for providing a signal in the event 
said second trust rating satisfies predetermined 
criteria . 

25 

14. The system of claim 13 wherein said access control 
program further includes program code for comparing said 
second trust rating to a predetermined trust rating 
threshold and wherein said predetermined criteria comprises 

30 said predetermined trust rating threshold. 
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15. The system of claim 13 wherein said program code for 
determining said second trust rating includes program code 
for assigning said second trust rating as the lowest trust 
rating among the respective credentials within a single 

5 certification path. 

16. The system of claim 13 wherein said access control 
program further includes program code operative in the event 
said set of credentials forms plural certification paths 

10 for: 

determining for each of said plural certification paths 
a third trust rating equal to the lowest trust rating in the 
credentials within the respective certification path; and 

assigning said second trust rating equal to the highest 
15 trust rating of said third trust ratings. 

17. The system of claim 13 wherein said signal comprises an 
indication that access to a resource should be granted. 

20 18. A computer program product including a computer 
readable medium, said computer readable medium having an 
access control program stored thereon, said access control 
program for execution on a processor and comprising: 

program code for ascertaining at least one first trust 

25 rating within at least one credential within a set of 
credentials including group credential, wherein each of said 
first trust ratings is associated with a level of confidence 
in information being certified within the respective 
credential; 
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program code for determining a second trust rating for 
said set of credentials based, at least in part, upon an 
analysis of said at least one first trust rating; and 

program code for providing a signal in the event said 
5 second trust rating satisfies predetermined criteria. 

19. A computer data signal, said computer data signal 
including a computer program for use in evaluating a set of 
credentials, said computer program comprising: 

10 program code for ascertaining at least one first trust 

rating within at least one credential within said set of 
credentials, wherein said set of credentials includes a 
group credential and wherein each of said first trust 
ratings is associated with a level of confidence in 

15 information being certified within the respective 
credential; 

program code for determining a second trust rating for 
said set of credentials based, at least in part, upon an 
analysis of said at least one first trust rating; and 
20 program code for providing a signal in the event said 

second trust rating satisfies predetermined criteria. 

20. A system for evaluating a set of credentials including 
at least one group credential comprising; 

25 means for storing an access control program; and 

means for executing said access control program out of 
said storing means, said access control program including: 

program code for ascertaining at least one first 
trust rating within at least one of said credentials 
30 within said set of credentials including said group 

credential, wherein each of said first trust ratings is 
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associated with a level of confidence in information 
being certified within the respective credential; 

program code for determining a second trust rating 
for said set of credentials based, at least in part, 
upon an analysis of said at least one first trust 
rating; and 

program code for providing a signal in the event 
said second trust rating satisfies predetermined 
criteria . 

21. A method for evaluating a set of credentials comprising 
at least one group credential comprising: 

ascertaining at least one first trust rating within at 
least one of said credentials within said set of credentials 
including said group credential, wherein each of said first 
trust ratings is associated with a level of confidence in 
information being certified within the respective 
credential; 

determining a second trust rating for said set of 
credentials based, at least in part, upon an analysis of 
said at least one first trust rating; and 

storing said second trust rating for subsequent use. 

22. The method of claim 21 further including the step of 
inserting said second trust rating stored in said storing 
step in another group credential. 
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